Message Image

Skip main navigation (Press Enter).

How "LDAP Primary Retry Interval' works on AD/LDAP Authentication Source?

By esupport posted Apr 16, 2020 01:14 AM

Mark as Inappropriate

Kudos

Q:

How "LDAP Primary Retry Interval' works on AD/LDAP Authentication Source?

A:

Radius Module Workflow:

After Primary LDAP/AD source down, ClearPass sends the authentication request to the Backup servers in the Authentication source.
If the Authentication is successful, ClearPass forwards all the authentication requests to the Backup server.
Radius module will not fall back to the primary server again as long as the communication to the backup server is good or unless we restart the radius service.

Policy Module Workflow:

After the Primary LDAP/AD server down, ClearPass sends the authorization request to one of the Backup servers in the Authorization source.
If the Authorization successful, ClearPass forward all the requests to the Backup server.
We can specify how long ClearPass can waits before it tries to connect to the Primary server.
This can be configured under "Administration > Server Manager > Server Configuration > Select the server > Service Parameters > Policy Server: LDAP Primary Retry Interval
By default it will set to "600 secs", we can modify this value.
If Primary is down, ClearPass will wait for 600 secs and then check with the Primary server for AD/LDAP Authorization.

Screenshot from Authentication source with Backup Servers:

Service Parameter:

0 comments

0 views

At Aruba, we believe that the most dynamic customer experiences happen at the Edge. Our mission is to deliver innovative solutions that harness data at the Edge to drive powerful business outcomes.

© Copyright 2021 Hewlett Packard Enterprise Development LP
All Rights Reserved.

Powered by Higher Logic